Role Description:
The role holder will be responsible for overseeing the security framework to ensure security controls are in place in the bank, direct the cyber security strategy, identify threat scenarios quantify risks and work with stakeholders to ensure effective mitigation controls are in place and ensure compliance with all relevant regulatory requirements. Additionally, he/she will be responsible for overseeing group vulnerability posture (vulnerability management), performing Risk Control Assessments and design of cybersecurity controls.
Responsibilities:
Create and maintain technical standards and baselines for security and network solutions across the organization.
Perform security assessments including VAPT on the LAN environment, hence, providing assurance on the network posture.
Perform database security reviews (VAPT, security configuration among others).
Understand network access control.
Support the implementation of security critical controls across Group.
Maintaining LAN, WLAN, and architecture of the Network as per the business policy.
Measure, analyze and implement new security protocols for greater efficiency against any threat or malfunctions.
Generating and maintaining the virtual private network, firewalls, web protocols and email security decorum.
Investigations of Network Security breach alert.
Drive the implementation of Security standards for Network devices across the Group.
Conduct periodic security reviews on the Network infrastructure and reviewing connection matrix.
Monitoring of web security gateways, perimeter security, network access controls, endpoint security.
Ensure the Group maintains a current enterprise -wide knowledge base of its users, devices, application, and their relationships.
Keep up to date with the latest security and technology developments, research/ evaluate emerging security threats and ways to manage them.
Design cybersecurity controls with the consideration of users at all levels of the organization, including internal (i.e. management and staff) and external users (i.e. contractors/consultants, business partners and service providers).
Support the maintenance of ISO standards and certifications.
Provide support with review of 3rd Party connections across Group.
Organizing professional cyber related trainings to improve technical proficiency of staff and user awareness trainings for improved cyber hygiene.
Participate in the implementation of network security initiatives as per the cybersecurity strategy.
All material cybersecurity events that affected the Bank during the period.
Reporting to the Board, at least quarterly, on EQUITY'S capability to manage cybersecurity and progress in implementation of the cybersecurity strategy and goals.
Ensure timely update of the incident response mechanism and Business Continuity Plan (BCP) based on the latest cyber threat intelligence gathered.
Conduct oversight over and provide directions to any third-party service provider contracted to perform operational security functions such as information security monitoring, testing and threat intelligence.
Use of advanced analytic tools to determine emerging threat patterns and vulnerabilities.
Drive implementation of capabilities to enable optimal Information Security control environment; directly responsible for significantly contributing to the overall security posture, stability and resiliency to the EQUITY environment and security solutions.
Create and maintain security roadmap requirements by monitoring the control environment; identifying security gaps; evaluating and implementing enhancements.
Evaluate and manage outsourced / third-party technologies and hosting environments to ensure they provide adequate protection for the processing, transmission, and storage of EQUITY's information; validate that security controls are designed properly, perform effectively and align to Group Information Security.
Work with the application functions, network teams and IT infrastructure teams to identify and assist with the implementation of Security policy, process, people and technology improvements.
Analyse and provide remediation guidance for identified weaknesses or vulnerabilities, validating and verifying appropriate remediation.
Work closely with the various business and Technology teams to identify and select the right security controls to protect EQUITY's network & IT infrastructure, cloud and IoT solutions.
Qualifications:
5+ years of relevant work experience in Information Technology (specifically security).
5+ years' experience in core network technologies of a telecom or Banking environment.
Experience in designing and implementing organization wide information security Network architecture and framework.
Experience in managing and implementing large scale information security Network projects.
Advanced working understanding of the information technology and Networking environment of a Financial and Technology driven Organization.
Preferred certifications:
CCNA, CEH, CCNP, Network + or equivalent.
CISSP, CISM (added advantage)